Security Basics mailing list archives
Re: ridiculous situation
From: bda <bda () mirrorshades net>
Date: Thu, 28 Nov 2002 15:11:50 -0500
Write up a decently detailed plan for migrating each of the running services off the machines onto newly installed, secure boxes. You can't trust those machines, you can't really trust the previous administrator(s), and you can't trust what you don't know. Since it's just five machines, it wouldn't take a lot of time to dig through the machines, find out what they do, how they do it, and then move all of that stuff elsewhere. Just make sure you write up a proposal and migration plan first, and then follow it -- making notes as you go along so it's all documented.

I've been through this situation several times, unfortunately. The goal is not to go around replacing every machine when you first start a new job, or inherit new responsibilities, but to assess each new device as a security risk and take the appropriate actions.

On Wed, Nov 27, 2002 at 12:06:12PM -0800, harley mcdonald wrote:
hi, this is kinda broad...say you've inherited 5 ( R.H. linux ) machines. all of which have been on for a year, not firewalled and not backed up. management has a "ain't broke don't fix" mentality. i guess, what would you do? how would you be sure there are no trojans, bots etc...chkrootkit and so on, i suppose, but how reliable will the results be? how can i be sure there isn't a key-logger in the kernel. you can't simply firewall them off and leave them for dead. legal action can be taken against the company in the event of a break-in and subsequent attacks on other companies. and on and on. any ideas?

h ..
--
bda
Cyberpunk is dead. Long live cyberpunk.
http://mirrorshades.org
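One way to start the service inventory the reply above calls for, as an added example that is not part of the original thread: since the machines' own output cannot be trusted, it compares what a host reports as listening with what a separate machine sees open, and turns the result into a migration worksheet. The netstat-style sample, the external port list, and all function names are constructed for illustration.

```python
"""Migration worksheet from a host's listener report plus an outside view."""

# Constructed `netstat -tlnp` style output collected on an inherited host.
HOST_REPORT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 612/sshd
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN 701/sendmail
tcp        0      0 127.0.0.1:3306  0.0.0.0:*       LISTEN 833/mysqld
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN 790/httpd
"""
# Constructed list of TCP ports seen open from a separate, trusted machine.
EXTERNAL_OPEN = [22, 25, 80, 8081]


def parse_listeners(report):
    """Return {port: (bind_address, program)} for each LISTEN line."""
    listeners = {}
    for line in report.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue  # header line or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        program = fields[6].split("/", 1)[-1]
        listeners[int(port)] = (addr, program)
    return listeners


def worksheet(report, external_open):
    """Return one (port, program, status) row per port seen by either view."""
    host = parse_listeners(report)
    rows = []
    for port in sorted(set(host) | set(external_open)):
        addr, program = host.get(port, (None, "UNKNOWN"))
        if port not in host:
            # The host did not admit to this listener: treat as suspect.
            status = "open externally, not reported by host: investigate"
        elif addr.startswith("127."):
            status = "local only: migrate with its dependent service"
        elif port in external_open:
            status = "exposed: migrate"
        else:
            status = "reported by host, not reachable from outside"
        rows.append((port, program, status))
    return rows


if __name__ == "__main__":
    for port, program, status in worksheet(HOST_REPORT, EXTERNAL_OPEN):
        print(f"{port:>5}  {program:<10} {status}")
```

A port that appears only in the external view is a reason to stop relying on that host's tools entirely and examine it offline from trusted media.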